Extracted

Extracted

• • Target

    2a783c911860a2a6b35503cc06bd6a5d8be0ef788830e766e24cf645091068f5

  • Size

    691KB

  • MD5

    c2c745fc7f3e741dc523777beabb74ca

  • SHA1

    fa88e741dcf41737f32be0f832252a50da346c8d

  • SHA256

    2a783c911860a2a6b35503cc06bd6a5d8be0ef788830e766e24cf645091068f5

  • SHA512

    074e849c8899508b2aafb81ef5a39da34f4d0516df80e08f8e75a8afd8ae11fe82bd92dd36a8d6093d0a8e28fd3925ed3a3dbd1f34b0a8b1969a2e071003a7c9

  • SSDEEP

    12288:7MrXy90dtAT6vJKb1VZx9GoPCX/NsOXRNZnSK8wbWfz13l:YyEtAT6vJMRpWNsiRNZnMwbex3l

  Score

  10^/10

  amadeyredlinefabiodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1